OESA-2023-1136

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1136

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1136.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1136

Upstream

CVE-2023-24580

Published

2023-03-04T11:04:59Z

Modified

2025-08-12T05:18:40.504958Z

Summary

python-django security update

Details

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Security Fix(es):

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.(CVE-2023-24580)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / python-django

Package

Name: python-django
Purl: pkg:rpm/openEuler/python-django&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.27-4.oe1

Ecosystem specific

{
    "noarch": [
        "python-django-help-2.2.27-4.oe1.noarch.rpm",
        "python3-Django-2.2.27-4.oe1.noarch.rpm"
    ],
    "src": [
        "python-django-2.2.27-4.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / python-django

Package

Name: python-django
Purl: pkg:rpm/openEuler/python-django&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.27-4.oe1

Ecosystem specific

{
    "noarch": [
        "python3-Django-2.2.27-4.oe1.noarch.rpm",
        "python-django-help-2.2.27-4.oe1.noarch.rpm"
    ],
    "src": [
        "python-django-2.2.27-4.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / python-django

Package

Name: python-django
Purl: pkg:rpm/openEuler/python-django&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.12-3.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "python-django-help-2.2.27-4.oe2203.noarch.rpm",
        "python3-Django-2.2.27-4.oe2203.noarch.rpm",
        "python-django-help-3.2.12-3.oe2203sp1.noarch.rpm",
        "python3-Django-3.2.12-3.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "python-django-2.2.27-4.oe2203.src.rpm",
        "python-django-3.2.12-3.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / python-django

Package

Name: python-django
Purl: pkg:rpm/openEuler/python-django&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.12-3.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "python-django-help-3.2.12-3.oe2203sp1.noarch.rpm",
        "python3-Django-3.2.12-3.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "python-django-3.2.12-3.oe2203sp1.src.rpm"
    ]
}